0

目前我正在使用以下代码:

$sql = sprintf("SELECT * FROM users WHERE email = '%s' and password = '%s'", $email, $password);

我想完成以下任务:

$sql = sprintf("SELECT * FROM database1.users AND database2.users WHERE email = '%s' and password = '%s'", $email, $password);

我需要检查用户是否存在于任一表中。

有关如何处理此问题的任何建议?

4

3 回答 3

2

您可以使用 aUNION来组合这两个查询:

SELECT * FROM database1.users WHERE email = '%s' and password = '%s'
UNION
SELECT * FROM database2.users WHERE email = '%s' and password = '%s'
于 2012-08-15T20:31:36.760 回答
0

您的查询可以如下:

SELECT table1.*, table2.* FROM table1 JOIN table2
ON table1.userID=table2.userID WHERE email=? AND password=? LIMIT 1

将变量附加到 SQL 查询是非常危险的,虽然您善意地使用 sprintf,但它并不能实现您的意图。使用准备好的语句来正确防范 SQL 注入。

于 2012-08-15T20:47:46.440 回答
0
SELECT IF(A.UserFound*B.UserFound=0,'No','Yes') Authenticated
FROM
(
    SELECT COUNT(1) UserFound FROM database1.users
    WHERE email = '%s' and password = '%s'
) A,
(
    SELECT COUNT(1) UserFound FROM database2.users
    WHERE email = '%s' and password = '%s'
) B;
于 2012-08-15T21:01:29.710 回答